Automation software slinger SaltStack warns of stop-watching-the-election-and-patch-now bugs

SaltStack has officially revealed three bugs in its code – two of them seemingly critical – and told users: “We strongly recommend that you prioritize this update.” But the biz appears to have known about the bugs for months and quietly patched them over the summer.


SaltStack offers open-source, Python-based automation tools. It was acquired by VMware in October, and Virtzilla hailed the deal as completing and extending its automation offerings and helping it provide a full-stack offering.


However, VMware acquired three bugs along the way. They’re formally known as CVE-2020-16846, CVE-2020-17490, and CVE-2020-25592.

The first means “an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client.” ..
